SandboxJS Prototype Pollution Vulnerability Leading to Remote Code Execution
Vulnerability
A vulnerability in SandboxJS, a JavaScript sandboxing library for running untrusted code, allows prototype pollution that can be used to escape the sandbox and execute arbitrary code in the host JavaScript process. This issue affects SandboxJS versions through 0.8.26. The vulnerability arises because the library does not restrict the `__lookupGetter__` method inherited from `Object.prototype`: calling it returns the accessor behind `Object.prototype.__proto__`, which can then be invoked on any object to obtain its real prototype without ever naming `__proto__` as a property, bypassing the sandbox's property-access restrictions.
Impact
Any party able to supply code to a SandboxJS instance (which is precisely the untrusted input the sandbox exists to contain) can reach and modify built-in prototypes of the host realm. Because those prototypes are shared with the host, this prototype pollution can be leveraged to escape the sandbox and execute arbitrary code with the privileges of the host process, potentially leading to a complete compromise of the affected system.
Reproduction
The vulnerability can be reproduced by creating a sandbox instance and compiling a payload that uses `Object.toString.__lookupGetter__('__proto__')` to obtain the `__proto__` getter and calls it on an object, such as a Map, to reach the object's real prototype. The prototype's `has` method can then be replaced, which affects every Map in the realm, and the payload can subsequently execute a command using Node.js's child_process module. The child_process step assumes a Node.js host; in a browser the same escape yields the host page's globals instead.
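The following is an added illustration of the JavaScript primitive the reproduction relies on; it is not SandboxJS code and does not reproduce SandboxJS internals. It models a sandbox's property-access filter as a plain denylist (`WEAK_DENYLIST`, `HARDENED_DENYLIST`, `guardedGet` and the demo functions are names assumed here) to show why blocking `__proto__` alone is insufficient once `__lookupGetter__` is reachable, and why a polluted `Map.prototype.has` is observed by unrelated Maps.

```javascript
// Added illustration (not SandboxJS code) of the __lookupGetter__ bypass and
// the resulting prototype pollution. Runs on plain Node.js.

// A stand-in for a sandbox's property-access filter. The weak list mirrors the
// names a sandbox typically blocks; the hardened list also covers the Annex B
// accessor helpers that hand out the __proto__ getter. Both names are assumed.
const WEAK_DENYLIST = new Set(['__proto__', 'prototype', 'constructor']);
const HARDENED_DENYLIST = new Set([
  ...WEAK_DENYLIST,
  '__lookupGetter__', '__lookupSetter__', '__defineGetter__', '__defineSetter__',
]);

// Property read as a filtering sandbox would perform it: the property name is
// checked against the denylist before the read happens.
function guardedGet(obj, name, denylist) {
  if (denylist.has(name)) throw new Error(`blocked property access: ${name}`);
  return obj[name];
}

// The bypass: __lookupGetter__ walks the prototype chain of any function and
// returns the getter defined on Object.prototype for "__proto__". Calling that
// getter on an arbitrary target returns its real prototype, and at no point is
// "__proto__" used as a property key on the target.
function reachPrototypeViaLookupGetter(target, denylist) {
  const fn = guardedGet(Object, 'toString', denylist);     // any function works
  const lookup = guardedGet(fn, '__lookupGetter__', denylist);
  const protoGetter = lookup.call(fn, '__proto__');         // Object.prototype.__proto__ getter
  return protoGetter.call(target);                          // === Object.getPrototypeOf(target)
}

// With the weak filter the real Map.prototype is reachable.
function demoWeak() {
  return reachPrototypeViaLookupGetter(new Map(), WEAK_DENYLIST) === Map.prototype;
}

// With the hardened filter the chain is cut at __lookupGetter__.
function demoHardened() {
  try {
    reachPrototypeViaLookupGetter(new Map(), HARDENED_DENYLIST);
    return false;
  } catch (e) {
    return /blocked property access: __lookupGetter__/.test(e.message);
  }
}

// Prototype pollution consequence: replacing `has` on the shared Map.prototype
// changes the behaviour of every Map in the realm, including Maps the host or
// a sandbox's own allowlist machinery may rely on. The original method is
// restored afterwards so the rest of the process is unaffected.
function demoPollution() {
  const proto = reachPrototypeViaLookupGetter(new Map(), WEAK_DENYLIST);
  const originalHas = proto.has;
  try {
    proto.has = function () { return true; };
    const unrelated = new Map();                 // created after the pollution
    return unrelated.has('never-added');         // true: the polluted `has` answers
  } finally {
    proto.has = originalHas;
  }
}

module.exports = { guardedGet, reachPrototypeViaLookupGetter, demoWeak, demoHardened, demoPollution };
```

The hardened denylist closes this specific route, but name-based filtering remains fragile: `Object.getPrototypeOf`, `Reflect.getPrototypeOf` and `Object.getOwnPropertyDescriptor(Object.prototype, '__proto__').get` are further ways to obtain the same prototype, so any such filter has to treat every one of them, and untrusted code that must be hard-isolated belongs in a separate process or realm rather than behind an in-realm filter.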
Remediation
Users are advised to update to SandboxJS version 0.8.27 or later, where this vulnerability has been fixed. Check lockfiles for transitive copies of the package as well as direct dependencies, since an unpatched copy pulled in by another dependency is just as exploitable. Independently of the fix, code that runs attacker-supplied JavaScript should be isolated at the process or realm level where a full escape would be unacceptable; an in-realm sandbox shares its built-in prototypes with the host, which is exactly what this issue abuses.
